US8321934B1 - Anti-phishing early warning system based on end user data submission statistics - Google Patents
Anti-phishing early warning system based on end user data submission statistics Download PDFInfo
- Publication number
- US8321934B1 US8321934B1 US12/115,352 US11535208A US8321934B1 US 8321934 B1 US8321934 B1 US 8321934B1 US 11535208 A US11535208 A US 11535208A US 8321934 B1 US8321934 B1 US 8321934B1
- Authority
- US
- United States
- Prior art keywords
- confidential information
- website
- submission
- detecting
- program code
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active, expires
Links
- 230000002547 anomalous effect Effects 0.000 claims abstract description 27
- 238000000034 method Methods 0.000 claims abstract description 19
- 230000008569 process Effects 0.000 claims abstract description 4
- 230000006399 behavior Effects 0.000 claims description 28
- 238000007619 statistical method Methods 0.000 claims description 11
- 230000007774 longterm Effects 0.000 claims description 9
- 238000004590 computer program Methods 0.000 claims description 8
- 238000001514 detection method Methods 0.000 claims description 7
- 230000003044 adaptive effect Effects 0.000 claims description 6
- 230000000694 effects Effects 0.000 claims description 5
- 230000004931 aggregating effect Effects 0.000 claims description 3
- 230000000977 initiatory effect Effects 0.000 claims 2
- 230000009471 action Effects 0.000 abstract description 6
- 230000001681 protective effect Effects 0.000 abstract description 4
- 238000013461 design Methods 0.000 description 4
- 230000007246 mechanism Effects 0.000 description 3
- 238000012544 monitoring process Methods 0.000 description 3
- 238000010586 diagram Methods 0.000 description 2
- 230000006870 function Effects 0.000 description 2
- 230000004224 protection Effects 0.000 description 2
- 238000013515 script Methods 0.000 description 2
- 238000013459 approach Methods 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 239000000203 mixture Substances 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000003362 replicative effect Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
Definitions
- This invention pertains generally to computer security, and more specifically to using end user data submission statistics to protect users from phishing attacks.
- Phishing is an attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. Phishing attacks are commonly made by sending fraudulent emails or instant messages, and enticing users to click on a link and submit personal information to what appears to be a legitimate website.
- phishing sites that do not imitate authentic sites, such as fake stores, are even more difficult to detect. Once a phishing site is discovered, new protections are provided to anti-phishing solutions to ensure users are protected until the site is shut down.
- phishing attacks can succeed by producing a large number of phishing sites quickly, even where each site only collects confidential information concerning a few thousand users before being shut down. It would be desirable to robustly protect users from such phishing attacks.
- Websites used for phishing are detected by analyzing end user confidential data submission statistics.
- a central process receives data indicating confidential information submitted to websites from a plurality of user computers.
- the received data is aggregated and analyzed, for example through statistical profiling.
- anomalous behavior concerning submission of confidential information to websites is detected, such ds an unexpected, rapid increase in the amount of confidential information submitted to a given website.
- Such anomalous behavior indicates that the website is being used for phishing.
- Responsive to detecting the anomalous behavior further action is taken to protect users from submitting confidential information to that website. For example, an alert can be sent to an appropriate party or automated system, a protective measure against the site can be published, the site can be added to a blacklist or a procedure to have the site shut down can be initiated.
- FIG. 1 is a block diagram illustrating a system for transmitting end user data concerning submitted confidential information central server for statistical analysis; according to some embodiments of the present invention.
- FIG. 2 is a block diagram illustrating a system for aggregating submitted end user data and detecting anomalous behavior indicative of phishing attacks, according to some embodiments of the present invention.
- FIG. 1 illustrates system 100 for transmitting end user data 105 concerning confidential information 111 submitted to websites 103 to a central server 119 for statistical analysis, according to some embodiments of the present invention.
- each illustrated component represents a collection of functionalities which can be implemented as software, hardware, firmware or any combination of these.
- a component can be implemented as software, it can be implemented as a standalone program, but can also be implemented in other ways, for example as part of a larger program, as plurality of separate programs, as a kernel loadable module, as one or more device drivers or as one or more statically or dynamically linked libraries.
- a tracking component 101 tracks websites 103 visited by a user. Individual tracking components 101 run on each of a plurality of user computers 113 .
- FIG. 1 illustrates three user computers 113 as an example, but it is to be understood that typically the number would be much larger.
- the tracking component 101 is implemented as a web browser plug-in that is capable to tracking user browsing history.
- the tracking component 101 can be implemented in other ways, for example as an HTTP/HTTPS proxy (local or remote, configured or transparent), or as a component that parses a user's web browser history.
- the implementation mechanics of tracking websites 103 visited by users is within the skill set of those of ordinary skill in the relevant art, and the usage thereof within the context of the present invention will be readily apparent to one of such a skill level in light of this specification.
- a monitoring component 109 monitors Outbound confidential information 111 .
- the monitoring component consists of both a database 115 (or other suitable storage mechanism) for storing the confidential information 111 , and a searching component 107 for searching outbound network traffic for occurrences of this confidential data 111 .
- the searching component 107 is implemented as a web browser plug-in, but it can also be implemented in other ways, such as a HTTP/HTTPS proxy (local or remote, configured or transparent).
- the monitoring component 109 works in conjunction with the tracking component 101 to determine what sites 103 are visited and what confidential information 111 is transmitted to each visited site 103 .
- a data submission component 117 submits this data 105 to a central repository for statistical analysis, as described in greater detail below.
- the data submission component 117 transmits the data 105 to a central computer security server 119 , which receives such data 105 from each of the plurality of user computers 113 .
- the data 105 transmitted to the server 119 can be kept anonymous.
- user identifying information can be omitted, as a general summary of the submitted confidential information 111 is sufficient for statistical analysis.
- the data 105 summarizing a submission of confidential information 111 could be in a format such as “1 VISA numbers, 1 pin number, 1 social security number, 1 name, 1 address, 2 phone numbers, 1 DOB submitted to amazon.com.”
- the data submission component 117 is illustrated as running on the client 113 and transmitting raw data 105 to the server 119 , it is to be understood that in some embodiments, clients 113 can perform statistical compilation on the data 105 locally, and then transmit compiled statistics concerning confidential information 111 submitted to various websites 103 . Whether the statistical compilation is performed by clients 113 or a server 119 , or distributed between such computing devices in any combination, is a variable design choice.
- a backend component 205 running on the server 119 collects data 105 submitted by the plurality of user computers 113 .
- the backend component 205 typically comprises a large database (or other suitable storage mechanism) 207 , and a well defined interface 209 that allows the data submission components 117 running on user computers 113 to submit data 105 .
- the backend component 205 aggregates the data 105 submitted from the various user computers 113 , and stores the aggregated data 203 in the database 207 for statistical analysis as described below.
- An anomalous behavior identification component 211 accesses the aggregated data 203 stored in the database 207 to identify anomalies in the data 105 being submitted to any given website 103 .
- the corresponding analysis performed by the anomalous behavior identification component 211 can be as simple as detecting a spike in submission confidential information 111 to a given website 103 , or as complicated as adaptive statistical anomaly detection, which applies statistical usage profiling to continuously modify a baseline, by which all confidential information disclosure activity is measured to identify anomalous behavior.
- the anomalous behavior identification component 211 maintains, two sets of usage data (not illustrated), a long-term confidential information 111 disclosure activity profile and a short-term confidential information 111 disclosure profile.
- the long-term disclosure profile encompasses a blend of confidential information 111 disclosure patterns observed over a long period of time, while the short-term disclosure profile represents the disclosure patterns over a short period of time.
- the anomalous behavior identification component 211 compares the short-term profile to the long-term profile, and detects statistically significant deviations. Such a detected deviation is considered an indication of a phishing attack, and is processed appropriately as described below.
- the magnitude of deviation which is considered to be statistically significant is a variable design parameter, as is what specific periods of time constitute “long” and “short” term.
- the anomalous behavior identification component 211 rolls the short-term observed usage into the long-term usage profile, to account for legitimate changes in website 103 behaviors.
- This type of analysis would recognize, e.g., the differences between a new, legitimate online store that slowly grows in popularity and a phishing attack that receives thousands of hits in the first few hours. Further, the thresholds in this form of adaptive analysis can be tuned over time based, on observed attacks.
- the anomalous behavior identification component 211 would typically value different forms of confidential information 111 differently, e.g., submission of a social security number or PIN code should occur much less frequently than an email address or credit card number.
- a reaction component 201 can take appropriate action as desired. What specific action to take responsive to detecting anomalous behavior indicating a phishing attack is a variable design choice.
- the reaction component 201 transmits an alert 213 to a centralized, automated computer security system 215 that can publish any of a number of protective measures against the attack, such as a new rule for an anti-phishing product, or a new entry in a database of known bad sites 103 .
- the alert 213 can also be sent to a human technician (not illustrated), who can verify that the anomalous behavior in fact indicates a phishing attack. The technician could then publish a protective measure against the attack, or forward the alert to the automated system 215 .
- the automated system 215 (or the technician) can also submit traceable dummy data to the detected phishing site 103 , and initiate an interaction with the hosting ISP or registrar to have the site 103 taken down.
- the reaction component 201 transmits appropriate warnings 217 to users, indicating the site 103 has been identified as malicious.
- computer security investigators and companies would have a statistically significant view of confidential information 111 disclosures on the Internet, providing near real-time information to assist in the identification, shutdown, and protection against phishing attacks.
- the invention may be embodied in other specific forms without departing from the spirit or essential characteristics thereof.
- the particular naming and division of the portions, modules, agents, managers, components, functions, procedures, actions, layers, features, attributes, methodologies and other aspects are not mandatory or significant, and the mechanisms that implement the invention or its features may have different names, divisions and/or formats.
- the portions, modules, agents, managers, components, functions, procedures, actions, layers, features, attributes, methodologies and other aspects of the invention can be implemented as software, hardware, firmware or any combination of the three.
- a component of the present invention is implemented as software
- the component can be implemented as a script, as a standalone program, as part of a larger program, as a plurality of separate scripts and/or programs, as a statically or dynamically linked library, as a kernel loadable module, as a device driver, and/or in every and any other way known now or in the future to those of skill in the art of computer programming.
- the present invention is in no way limited to implementation in any specific programming language, or for any specific operating system or environment.
- the software components thereof can be stored on computer readable media as computer program products.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Virology (AREA)
- Health & Medical Sciences (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- General Health & Medical Sciences (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
- Information Transfer Between Computers (AREA)
Abstract
Description
Claims (12)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US12/115,352 US8321934B1 (en) | 2008-05-05 | 2008-05-05 | Anti-phishing early warning system based on end user data submission statistics |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US12/115,352 US8321934B1 (en) | 2008-05-05 | 2008-05-05 | Anti-phishing early warning system based on end user data submission statistics |
Publications (1)
Publication Number | Publication Date |
---|---|
US8321934B1 true US8321934B1 (en) | 2012-11-27 |
Family
ID=47191032
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US12/115,352 Active 2030-11-26 US8321934B1 (en) | 2008-05-05 | 2008-05-05 | Anti-phishing early warning system based on end user data submission statistics |
Country Status (1)
Country | Link |
---|---|
US (1) | US8321934B1 (en) |
Cited By (30)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20080276302A1 (en) * | 2005-12-13 | 2008-11-06 | Yoggie Security Systems Ltd. | System and Method for Providing Data and Device Security Between External and Host Devices |
US20090126003A1 (en) * | 2007-05-30 | 2009-05-14 | Yoggie Security Systems, Inc. | System And Method For Providing Network And Computer Firewall Protection With Dynamic Address Isolation To A Device |
US20090249465A1 (en) * | 2008-03-26 | 2009-10-01 | Shlomo Touboul | System and Method for Implementing Content and Network Security Inside a Chip |
US20100037321A1 (en) * | 2008-08-04 | 2010-02-11 | Yoggie Security Systems Ltd. | Systems and Methods for Providing Security Services During Power Management Mode |
US20100212012A1 (en) * | 2008-11-19 | 2010-08-19 | Yoggie Security Systems Ltd. | Systems and Methods for Providing Real Time Access Monitoring of a Removable Media Device |
US8527526B1 (en) * | 2012-05-02 | 2013-09-03 | Google Inc. | Selecting a list of network user identifiers based on long-term and short-term history data |
US8615807B1 (en) | 2013-02-08 | 2013-12-24 | PhishMe, Inc. | Simulated phishing attack with sequential messages |
US8635703B1 (en) * | 2013-02-08 | 2014-01-21 | PhishMe, Inc. | Performance benchmarking for simulated phishing attacks |
US8719940B1 (en) | 2013-02-08 | 2014-05-06 | PhishMe, Inc. | Collaborative phishing attack detection |
US8782197B1 (en) | 2012-07-17 | 2014-07-15 | Google, Inc. | Determining a model refresh rate |
GB2509766A (en) * | 2013-01-14 | 2014-07-16 | Wonga Technology Ltd | Website analysis |
US8874589B1 (en) | 2012-07-16 | 2014-10-28 | Google Inc. | Adjust similar users identification based on performance feedback |
US8886575B1 (en) | 2012-06-27 | 2014-11-11 | Google Inc. | Selecting an algorithm for identifying similar user identifiers based on predicted click-through-rate |
US8886799B1 (en) | 2012-08-29 | 2014-11-11 | Google Inc. | Identifying a similar user identifier |
US8914500B1 (en) | 2012-05-21 | 2014-12-16 | Google Inc. | Creating a classifier model to determine whether a network user should be added to a list |
US9053185B1 (en) | 2012-04-30 | 2015-06-09 | Google Inc. | Generating a representative model for a plurality of models identified by similar feature data |
US9065727B1 (en) | 2012-08-31 | 2015-06-23 | Google Inc. | Device identifier similarity models derived from online event signals |
US20150381654A1 (en) * | 2013-07-05 | 2015-12-31 | Tencent Technology (Shenzhen) Company Limited | Method, device and system for detecting potential phishing websites |
US9262629B2 (en) | 2014-01-21 | 2016-02-16 | PhishMe, Inc. | Methods and systems for preventing malicious use of phishing simulation records |
US9325730B2 (en) | 2013-02-08 | 2016-04-26 | PhishMe, Inc. | Collaborative phishing attack detection |
US9344449B2 (en) | 2013-03-11 | 2016-05-17 | Bank Of America Corporation | Risk ranking referential links in electronic messages |
US9398038B2 (en) | 2013-02-08 | 2016-07-19 | PhishMe, Inc. | Collaborative phishing attack detection |
US9407654B2 (en) | 2014-03-20 | 2016-08-02 | Microsoft Technology Licensing, Llc | Providing multi-level password and phishing protection |
US9497622B2 (en) | 2005-12-13 | 2016-11-15 | Cupp Computing As | System and method for providing network security to mobile devices |
US20170034211A1 (en) * | 2015-07-27 | 2017-02-02 | Swisscom Ag | Systems and methods for identifying phishing websites |
US9762614B2 (en) | 2014-02-13 | 2017-09-12 | Cupp Computing As | Systems and methods for providing network security using a secure digital device |
US9906554B2 (en) | 2015-04-10 | 2018-02-27 | PhishMe, Inc. | Suspicious message processing and incident response |
US9973501B2 (en) | 2012-10-09 | 2018-05-15 | Cupp Computing As | Transaction security systems and methods |
TWI628941B (en) * | 2015-10-22 | 2018-07-01 | 趨勢科技股份有限公司 | Phishing detection by login page census |
US11157976B2 (en) | 2013-07-08 | 2021-10-26 | Cupp Computing As | Systems and methods for providing digital content marketplace security |
Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20040111632A1 (en) | 2002-05-06 | 2004-06-10 | Avner Halperin | System and method of virus containment in computer networks |
US20050238005A1 (en) | 2004-04-21 | 2005-10-27 | Yi-Fen Chen | Method and apparatus for controlling traffic in a computer network |
US20050262559A1 (en) | 2004-05-19 | 2005-11-24 | Huddleston David E | Method and systems for computer security |
US20060212925A1 (en) | 2005-03-02 | 2006-09-21 | Markmonitor, Inc. | Implementing trust policies |
US20070192855A1 (en) * | 2006-01-18 | 2007-08-16 | Microsoft Corporation | Finding phishing sites |
US20070220595A1 (en) * | 2006-02-10 | 2007-09-20 | M Raihi David | System and method for network-based fraud and authentication services |
US20080288303A1 (en) * | 2006-03-17 | 2008-11-20 | Claria Corporation | Method for Detecting and Preventing Fraudulent Internet Advertising Activity |
US7797421B1 (en) * | 2006-12-15 | 2010-09-14 | Amazon Technologies, Inc. | Method and system for determining and notifying users of undesirable network content |
US7854001B1 (en) | 2007-06-29 | 2010-12-14 | Trend Micro Incorporated | Aggregation-based phishing site detection |
-
2008
- 2008-05-05 US US12/115,352 patent/US8321934B1/en active Active
Patent Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20040111632A1 (en) | 2002-05-06 | 2004-06-10 | Avner Halperin | System and method of virus containment in computer networks |
US20050238005A1 (en) | 2004-04-21 | 2005-10-27 | Yi-Fen Chen | Method and apparatus for controlling traffic in a computer network |
US20050262559A1 (en) | 2004-05-19 | 2005-11-24 | Huddleston David E | Method and systems for computer security |
US20060212925A1 (en) | 2005-03-02 | 2006-09-21 | Markmonitor, Inc. | Implementing trust policies |
US20070192855A1 (en) * | 2006-01-18 | 2007-08-16 | Microsoft Corporation | Finding phishing sites |
US20070220595A1 (en) * | 2006-02-10 | 2007-09-20 | M Raihi David | System and method for network-based fraud and authentication services |
US20080288303A1 (en) * | 2006-03-17 | 2008-11-20 | Claria Corporation | Method for Detecting and Preventing Fraudulent Internet Advertising Activity |
US7797421B1 (en) * | 2006-12-15 | 2010-09-14 | Amazon Technologies, Inc. | Method and system for determining and notifying users of undesirable network content |
US7854001B1 (en) | 2007-06-29 | 2010-12-14 | Trend Micro Incorporated | Aggregation-based phishing site detection |
Non-Patent Citations (5)
Title |
---|
A Behavior-based Approach Towards Statistics-Preserving Network Trace Anonymization Song, Yingbo. ProQuest Dissertations and Theses 2012. vol. 0984,Iss.0054;p.n/a;Source: ProQuest Dissertations and Theses. * |
Integrated detection of anomalous behavior of computer infrastructures Maggi, F.; Zanero, S. Network Operations and Management Symposium (NOMS), 2012 IEEE (1542-1201) (978-1-4673-0267-8) 2012. p. 866-871. * |
Measurement and vulnerability analysis of overlay networks and peer-to-peer systems Dhungel, Prithula. ProQuest Dissertations and Theses 2012. vol. 0984,Iss.1540;p.n/a. * |
Official Action received from USPTO dated Apr. 27, 2011 for U.S. Appl. No. 12/124,999, filed May 21, 2008. |
Official Action received from USPTO dated Oct. 21, 2011 for U.S. Appl. No. 12/124,999, filed May 21, 2008. |
Cited By (93)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10621344B2 (en) | 2005-12-13 | 2020-04-14 | Cupp Computing As | System and method for providing network security to mobile devices |
US9747444B1 (en) | 2005-12-13 | 2017-08-29 | Cupp Computing As | System and method for providing network security to mobile devices |
US20080276302A1 (en) * | 2005-12-13 | 2008-11-06 | Yoggie Security Systems Ltd. | System and Method for Providing Data and Device Security Between External and Host Devices |
US11822653B2 (en) | 2005-12-13 | 2023-11-21 | Cupp Computing As | System and method for providing network security to mobile devices |
US10089462B2 (en) | 2005-12-13 | 2018-10-02 | Cupp Computing As | System and method for providing network security to mobile devices |
US20150215282A1 (en) | 2005-12-13 | 2015-07-30 | Cupp Computing As | System and method for implementing content and network security inside a chip |
US10313368B2 (en) | 2005-12-13 | 2019-06-04 | Cupp Computing As | System and method for providing data and device security between external and host devices |
US11461466B2 (en) | 2005-12-13 | 2022-10-04 | Cupp Computing As | System and method for providing network security to mobile devices |
US10417421B2 (en) | 2005-12-13 | 2019-09-17 | Cupp Computing As | System and method for providing network security to mobile devices |
US10541969B2 (en) | 2005-12-13 | 2020-01-21 | Cupp Computing As | System and method for implementing content and network security inside a chip |
US9497622B2 (en) | 2005-12-13 | 2016-11-15 | Cupp Computing As | System and method for providing network security to mobile devices |
US9781164B2 (en) | 2005-12-13 | 2017-10-03 | Cupp Computing As | System and method for providing network security to mobile devices |
US10839075B2 (en) | 2005-12-13 | 2020-11-17 | Cupp Computing As | System and method for providing network security to mobile devices |
US11652829B2 (en) | 2007-03-05 | 2023-05-16 | Cupp Computing As | System and method for providing data and device security between external and host devices |
US10999302B2 (en) | 2007-03-05 | 2021-05-04 | Cupp Computing As | System and method for providing data and device security between external and host devices |
US10419459B2 (en) | 2007-03-05 | 2019-09-17 | Cupp Computing As | System and method for providing data and device security between external and host devices |
US10567403B2 (en) | 2007-03-05 | 2020-02-18 | Cupp Computing As | System and method for providing data and device security between external and host devices |
US10951659B2 (en) | 2007-05-30 | 2021-03-16 | Cupp Computing As | System and method for providing network and computer firewall protection with dynamic address isolation to a device |
US9756079B2 (en) | 2007-05-30 | 2017-09-05 | Cupp Computing As | System and method for providing network and computer firewall protection with dynamic address isolation to a device |
US20090126003A1 (en) * | 2007-05-30 | 2009-05-14 | Yoggie Security Systems, Inc. | System And Method For Providing Network And Computer Firewall Protection With Dynamic Address Isolation To A Device |
US10904293B2 (en) | 2007-05-30 | 2021-01-26 | Cupp Computing As | System and method for providing network and computer firewall protection with dynamic address isolation to a device |
US10284603B2 (en) | 2007-05-30 | 2019-05-07 | Cupp Computing As | System and method for providing network and computer firewall protection with dynamic address isolation to a device |
US20180302444A1 (en) | 2007-05-30 | 2018-10-18 | Cupp Computing As | System and method for providing network and computer firewall protection with dynamic address isolation to a device |
US11757941B2 (en) | 2007-05-30 | 2023-09-12 | CUPP Computer AS | System and method for providing network and computer firewall protection with dynamic address isolation to a device |
US9391956B2 (en) | 2007-05-30 | 2016-07-12 | Cupp Computing As | System and method for providing network and computer firewall protection with dynamic address isolation to a device |
US10057295B2 (en) | 2007-05-30 | 2018-08-21 | Cupp Computing As | System and method for providing network and computer firewall protection with dynamic address isolation to a device |
US11050712B2 (en) | 2008-03-26 | 2021-06-29 | Cupp Computing As | System and method for implementing content and network security inside a chip |
US20090249465A1 (en) * | 2008-03-26 | 2009-10-01 | Shlomo Touboul | System and Method for Implementing Content and Network Security Inside a Chip |
US8869270B2 (en) | 2008-03-26 | 2014-10-21 | Cupp Computing As | System and method for implementing content and network security inside a chip |
US11757835B2 (en) | 2008-03-26 | 2023-09-12 | Cupp Computing As | System and method for implementing content and network security inside a chip |
US9843595B2 (en) | 2008-08-04 | 2017-12-12 | Cupp Computing As | Systems and methods for providing security services during power management mode |
US9106683B2 (en) | 2008-08-04 | 2015-08-11 | Cupp Computing As | Systems and methods for providing security services during power management mode |
US11947674B2 (en) | 2008-08-04 | 2024-04-02 | Cupp Computing As | Systems and methods for providing security services during power management mode |
US20100037321A1 (en) * | 2008-08-04 | 2010-02-11 | Yoggie Security Systems Ltd. | Systems and Methods for Providing Security Services During Power Management Mode |
US11775644B2 (en) | 2008-08-04 | 2023-10-03 | Cupp Computing As | Systems and methods for providing security services during power management mode |
US9516040B2 (en) | 2008-08-04 | 2016-12-06 | Cupp Computing As | Systems and methods for providing security services during power management mode |
US10084799B2 (en) | 2008-08-04 | 2018-09-25 | Cupp Computing As | Systems and methods for providing security services during power management mode |
US10404722B2 (en) | 2008-08-04 | 2019-09-03 | Cupp Computing As | Systems and methods for providing security services during power management mode |
US10951632B2 (en) | 2008-08-04 | 2021-03-16 | Cupp Computing As | Systems and methods for providing security services during power management mode |
US8631488B2 (en) * | 2008-08-04 | 2014-01-14 | Cupp Computing As | Systems and methods for providing security services during power management mode |
US11449613B2 (en) | 2008-08-04 | 2022-09-20 | Cupp Computing As | Systems and methods for providing security services during power management mode |
US11036836B2 (en) | 2008-11-19 | 2021-06-15 | Cupp Computing As | Systems and methods for providing real time security and access monitoring of a removable media device |
US11604861B2 (en) | 2008-11-19 | 2023-03-14 | Cupp Computing As | Systems and methods for providing real time security and access monitoring of a removable media device |
US8789202B2 (en) | 2008-11-19 | 2014-07-22 | Cupp Computing As | Systems and methods for providing real time access monitoring of a removable media device |
US10417400B2 (en) | 2008-11-19 | 2019-09-17 | Cupp Computing As | Systems and methods for providing real time security and access monitoring of a removable media device |
US20100212012A1 (en) * | 2008-11-19 | 2010-08-19 | Yoggie Security Systems Ltd. | Systems and Methods for Providing Real Time Access Monitoring of a Removable Media Device |
US9053185B1 (en) | 2012-04-30 | 2015-06-09 | Google Inc. | Generating a representative model for a plurality of models identified by similar feature data |
US8527526B1 (en) * | 2012-05-02 | 2013-09-03 | Google Inc. | Selecting a list of network user identifiers based on long-term and short-term history data |
US8914500B1 (en) | 2012-05-21 | 2014-12-16 | Google Inc. | Creating a classifier model to determine whether a network user should be added to a list |
US8886575B1 (en) | 2012-06-27 | 2014-11-11 | Google Inc. | Selecting an algorithm for identifying similar user identifiers based on predicted click-through-rate |
US8874589B1 (en) | 2012-07-16 | 2014-10-28 | Google Inc. | Adjust similar users identification based on performance feedback |
US8782197B1 (en) | 2012-07-17 | 2014-07-15 | Google, Inc. | Determining a model refresh rate |
US8886799B1 (en) | 2012-08-29 | 2014-11-11 | Google Inc. | Identifying a similar user identifier |
US9065727B1 (en) | 2012-08-31 | 2015-06-23 | Google Inc. | Device identifier similarity models derived from online event signals |
US10397227B2 (en) | 2012-10-09 | 2019-08-27 | Cupp Computing As | Transaction security systems and methods |
US9973501B2 (en) | 2012-10-09 | 2018-05-15 | Cupp Computing As | Transaction security systems and methods |
US11757885B2 (en) | 2012-10-09 | 2023-09-12 | Cupp Computing As | Transaction security systems and methods |
US10904254B2 (en) | 2012-10-09 | 2021-01-26 | Cupp Computing As | Transaction security systems and methods |
GB2509766A (en) * | 2013-01-14 | 2014-07-16 | Wonga Technology Ltd | Website analysis |
US9667645B1 (en) | 2013-02-08 | 2017-05-30 | PhishMe, Inc. | Performance benchmarking for simulated phishing attacks |
US8615807B1 (en) | 2013-02-08 | 2013-12-24 | PhishMe, Inc. | Simulated phishing attack with sequential messages |
US9398038B2 (en) | 2013-02-08 | 2016-07-19 | PhishMe, Inc. | Collaborative phishing attack detection |
US8966637B2 (en) | 2013-02-08 | 2015-02-24 | PhishMe, Inc. | Performance benchmarking for simulated phishing attacks |
US10187407B1 (en) | 2013-02-08 | 2019-01-22 | Cofense Inc. | Collaborative phishing attack detection |
US9591017B1 (en) | 2013-02-08 | 2017-03-07 | PhishMe, Inc. | Collaborative phishing attack detection |
US9356948B2 (en) | 2013-02-08 | 2016-05-31 | PhishMe, Inc. | Collaborative phishing attack detection |
US9246936B1 (en) | 2013-02-08 | 2016-01-26 | PhishMe, Inc. | Performance benchmarking for simulated phishing attacks |
US9253207B2 (en) | 2013-02-08 | 2016-02-02 | PhishMe, Inc. | Collaborative phishing attack detection |
US9674221B1 (en) | 2013-02-08 | 2017-06-06 | PhishMe, Inc. | Collaborative phishing attack detection |
US8635703B1 (en) * | 2013-02-08 | 2014-01-21 | PhishMe, Inc. | Performance benchmarking for simulated phishing attacks |
US10819744B1 (en) | 2013-02-08 | 2020-10-27 | Cofense Inc | Collaborative phishing attack detection |
US8719940B1 (en) | 2013-02-08 | 2014-05-06 | PhishMe, Inc. | Collaborative phishing attack detection |
US9325730B2 (en) | 2013-02-08 | 2016-04-26 | PhishMe, Inc. | Collaborative phishing attack detection |
US9053326B2 (en) | 2013-02-08 | 2015-06-09 | PhishMe, Inc. | Simulated phishing attack with sequential messages |
US9635042B2 (en) | 2013-03-11 | 2017-04-25 | Bank Of America Corporation | Risk ranking referential links in electronic messages |
US9344449B2 (en) | 2013-03-11 | 2016-05-17 | Bank Of America Corporation | Risk ranking referential links in electronic messages |
US9712562B2 (en) * | 2013-07-05 | 2017-07-18 | Tencent Technology (Shenzhen) Company Limited | Method, device and system for detecting potential phishing websites |
US20150381654A1 (en) * | 2013-07-05 | 2015-12-31 | Tencent Technology (Shenzhen) Company Limited | Method, device and system for detecting potential phishing websites |
US11157976B2 (en) | 2013-07-08 | 2021-10-26 | Cupp Computing As | Systems and methods for providing digital content marketplace security |
US9262629B2 (en) | 2014-01-21 | 2016-02-16 | PhishMe, Inc. | Methods and systems for preventing malicious use of phishing simulation records |
US20180205760A1 (en) | 2014-02-13 | 2018-07-19 | Cupp Computing As | Systems and methods for providing network security using a secure digital device |
US12034772B2 (en) | 2014-02-13 | 2024-07-09 | Cupp Computing As | Systems and methods for providing network security using a secure digital device |
US11316905B2 (en) | 2014-02-13 | 2022-04-26 | Cupp Computing As | Systems and methods for providing network security using a secure digital device |
US10666688B2 (en) | 2014-02-13 | 2020-05-26 | Cupp Computing As | Systems and methods for providing network security using a secure digital device |
US9762614B2 (en) | 2014-02-13 | 2017-09-12 | Cupp Computing As | Systems and methods for providing network security using a secure digital device |
US11743297B2 (en) | 2014-02-13 | 2023-08-29 | Cupp Computing As | Systems and methods for providing network security using a secure digital device |
US10291656B2 (en) | 2014-02-13 | 2019-05-14 | Cupp Computing As | Systems and methods for providing network security using a secure digital device |
US9407654B2 (en) | 2014-03-20 | 2016-08-02 | Microsoft Technology Licensing, Llc | Providing multi-level password and phishing protection |
US9906539B2 (en) | 2015-04-10 | 2018-02-27 | PhishMe, Inc. | Suspicious message processing and incident response |
US9906554B2 (en) | 2015-04-10 | 2018-02-27 | PhishMe, Inc. | Suspicious message processing and incident response |
US20170034211A1 (en) * | 2015-07-27 | 2017-02-02 | Swisscom Ag | Systems and methods for identifying phishing websites |
US10708302B2 (en) * | 2015-07-27 | 2020-07-07 | Swisscom Ag | Systems and methods for identifying phishing web sites |
TWI628941B (en) * | 2015-10-22 | 2018-07-01 | 趨勢科技股份有限公司 | Phishing detection by login page census |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US8321934B1 (en) | Anti-phishing early warning system based on end user data submission statistics | |
US11818169B2 (en) | Detecting and mitigating attacks using forged authentication objects within a domain | |
US11470108B2 (en) | Detection and prevention of external fraud | |
US20220053013A1 (en) | User and entity behavioral analysis with network topology enhancement | |
US11582207B2 (en) | Detecting and mitigating forged authentication object attacks using an advanced cyber decision platform | |
US11968227B2 (en) | Detecting KERBEROS ticket attacks within a domain | |
Holm et al. | An expert-based investigation of the common vulnerability scoring system | |
US11818150B2 (en) | System and methods for detecting and mitigating golden SAML attacks against federated services | |
US11757849B2 (en) | Detecting and mitigating forged authentication object attacks in multi-cloud environments | |
US20200311630A1 (en) | Adaptive enterprise risk evaluation | |
US12041091B2 (en) | System and methods for automated internet- scale web application vulnerability scanning and enhanced security profiling | |
US12058177B2 (en) | Cybersecurity risk analysis and anomaly detection using active and passive external reconnaissance | |
Sheng et al. | An empirical analysis of phishing blacklists | |
Yen et al. | An epidemiological study of malware encounters in a large enterprise | |
RU2607229C2 (en) | Systems and methods of dynamic indicators aggregation to detect network fraud | |
US8312536B2 (en) | Hygiene-based computer security | |
US9830453B1 (en) | Detection of code modification | |
US8689341B1 (en) | Anti-phishing system based on end user data submission quarantine periods for new websites | |
US11960604B2 (en) | Online assets continuous monitoring and protection | |
CN107682345B (en) | IP address detection method and device and electronic equipment | |
US20230283641A1 (en) | Dynamic cybersecurity scoring using traffic fingerprinting and risk score improvement | |
Massa et al. | A fraud detection system based on anomaly intrusion detection systems for e-commerce applications | |
JP6623128B2 (en) | Log analysis system, log analysis method, and log analysis device | |
US8214907B1 (en) | Collection of confidential information dissemination statistics | |
US8266704B1 (en) | Method and apparatus for securing sensitive data from misappropriation by malicious software |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AS | Assignment |
Owner name: SYMANTEC CORPORATION, CALIFORNIA Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:COOLEY, SHAUN;SOBEL, WILLIAM E.;SIGNING DATES FROM 20080430 TO 20080501;REEL/FRAME:020904/0085 |
|
STCF | Information on status: patent grant |
Free format text: PATENTED CASE |
|
FPAY | Fee payment |
Year of fee payment: 4 |
|
AS | Assignment |
Owner name: JPMORGAN, N.A., NEW YORK Free format text: SECURITY AGREEMENT;ASSIGNORS:SYMANTEC CORPORATION;BLUE COAT LLC;LIFELOCK, INC,;AND OTHERS;REEL/FRAME:050926/0560 Effective date: 20191104 |
|
MAFP | Maintenance fee payment |
Free format text: PAYMENT OF MAINTENANCE FEE, 8TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1552); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY Year of fee payment: 8 |
|
AS | Assignment |
Owner name: NORTONLIFELOCK INC., CALIFORNIA Free format text: CHANGE OF NAME;ASSIGNOR:SYMANTEC CORPORATION;REEL/FRAME:053306/0878 Effective date: 20191104 |
|
AS | Assignment |
Owner name: BANK OF AMERICA, N.A., AS COLLATERAL AGENT, NORTH CAROLINA Free format text: SECURITY AGREEMENT;ASSIGNOR:NORTONLIFELOCK INC.;REEL/FRAME:062220/0001 Effective date: 20220912 Owner name: BANK OF AMERICA, N.A., AS COLLATERAL AGENT, NORTH CAROLINA Free format text: NOTICE OF SUCCESSION OF AGENCY (REEL 050926 / FRAME 0560);ASSIGNOR:JPMORGAN CHASE BANK, N.A.;REEL/FRAME:061422/0371 Effective date: 20220912 |
|
MAFP | Maintenance fee payment |
Free format text: PAYMENT OF MAINTENANCE FEE, 12TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1553); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY Year of fee payment: 12 |